ConsenSys:
“We will collect all your data for (y)our security”

On November 24, 2022, ConsenSys updated their privacy policy.
The new policy includes the collection of information about all users when making transactions through MetaMask.

Let's figure it out in order.
Who are Consensys
ConsenSys is a start-up blockchain created by Ethereum network co-founder Joseph Lubbin. Earlier this year (March 2022), the company raised $450 million in a funding round sponsored by companies such as Microsoft, SoftBank and Temasek. ConsenSys develops software that runs on the Ethereum network.
ConsenSys is a start-up blockchain created by Ethereum network co-founder Joseph Lubbin
The startup's best-known products are the MetaMask wallet and a set of tools for creating applications for the Ethereum network called Infura.
What does Metamask and Infura have to do with it
  • MetaMask is a non-custodial wallet created by ConsenSys

    MetaMask is a non-custodial wallet created by ConsenSys, it supports a large number of cryptocurrencies and is compatible with EVM networks. Of the entire list of the most popular cryptocurrencies, it does not support only Solana and Tron.

  • Infura is a node provider that allows developers to connect to the Ethereum network using nodes managed by this company

    Infura is a node provider that allows developers to connect to the Ethereum network using nodes managed by this company. Thus, developers save time amd money.

To connect your product to the blockchain, a developer needs a node, but not every developer can afford to maintain their own node.

Thus, it is easier to pay Infura for the provision of an already operating node, and direct all resources to your product.

Simply put, Infura is a good tool, but it's a step back towards centralization.
ConsenSys privacy update
On November 24, an update was released, which stated that:
When using Infura as an RPC* in MetaMask, ConsenSys will collect users IP, IDs and wallet addresses as per the updated privacy policy.

*RPC - remote procedure call

The data will be collected in a variety of ways and may include:

  • first name, last name, username or similar identifier, customer name, date of birth and gender;
  • postal address, email and phone number;
  • username and password, interests, preferences, feedback and survey responses;
  • feedback and correspondence;
  • financial information;
  • payment details and transaction data such as information about purchases through ConsenSys services;
  • data on the use of the company's products;
  • marketing information;
  • Ethereum wallet address, API key and network information related to transactions.

When using another RPC in MetaMask, this data is not collected.
Probably, some users will say that when registering and / or using the MetaMask wallet, no such data is indicated and all this is just formal regulatory documents. It seems to us that it is very likely that ConsenSys will be able to collect much of this data using ML algorithms and FingerPrint technology.
Fingerprint or sometimes Footprint is a complete digital fingerprint of the device, consisting of information about your operating system, settings, active browsers, installed plugins, etc.

You can check your fingerprint yourself at this link.
Fingerprint or sometimes Footprint is a complete digital fingerprint of the device, consisting of information about your operating system, settings, active browsers, installed plugins, etc.
Fingerprint collects a lot of data. The application shows only some of them.

Fingerprint technology combined with ML algorithms allows you to recognize the same user on different sites or during different visits. ConsenSys will have to connect this digital fingerprint with a resource where your email, name, payment details will appear somewhere ... in general, all the data that MetaMask stated in its new security policy.

First, ConsenSys has a number of proprietary solutions:
ConsenSys has a number of proprietary solutions
Secondly, the company can negotiate with third parties to purchase or exchange the necessary information. Naturally, in compliance with the legislation on personal data :)
ConsenSys developer comments
The company explained its decision to improve its services, as well as to ensure security, fraud protection and compliance with legal and regulatory requirements.

With the consent of users, personal data may be transferred to affiliated organizations, professional advisers and service providers to comply with legal requirements.

ConsenSys warned that, under certain circumstances, the company may deanonymize personal data without further notice. The team uses industry standard security measures and is not responsible for the interception, alteration or loss of information.
The reaction of the WEB3 world
The community suggested switching from Infura to Alchemy and using Trust Wallet and Rainbow as an alternative to ConsenSys wallet.

Uniswap founder Hayden Adams promised to add a built-in option to opt out of collecting anonymized data and added that users can turn off such analytics using an ad blocker.
Uniswap founder Hayden Adams promised to add a built-in option to opt out of collecting anonymized data and added that users can turn off such analytics using an ad blocker.
In our opinion, Uniswap is being tactful enough to give the user the choice to turn off the option, but judging by the fact that the ability to turn off data collection is currently only available through an ad blocker, data is still being collected openly.

We assume that in the future, this option will be enabled by default. With a high probability, while the user will disable the data collection function, all data using FingerPrint technology will already be collected.
Who else updated the privacy policy
On November 21, 2022, Uniswap updated the rules for collecting user data.

DEX uses certain network data and information associated with customers' crypto wallets to "make informed decisions and improve services."

The developers specified that this applies to mobile device identifiers, cookies, local storage information, OS data, software languages and browser version. The information helps, for example, to understand user preferences and improve interaction.
Uniswap protocol
Uniswap has confirmed that it is checking customers' wallets with third-party analytics tools to detect illegal activity.

The exchange also warned users that it may share certain data with infrastructure service providers like Infura and Cloudflare.

The platform will also share available information at the request of the judiciary and, if necessary, to a third party for compliance.

To their update, the team added:
First of all, we do not collect or store personal information such as first name, last name, postal address, date of birth, email or IP address.
Results
The events of the end of November showed that the moves towards centralization do not affect the decentralized WEB3 world in the best light.

Companies that were (and are) node providers are ready to collect information about the user where the safety of users is encrypted with SHA-256 algorithms, and privacy is hidden behind a mask of faceless but public characters.